Posted to asp@perl.apache.org by Dariusz Pietrzak <da...@ajax.umcs.lublin.pl> on 2001/06/25 15:17:31 UTC

Auth

Ehlo,
 this may be a little bit off-topic for this list,
but maybe someone knows how to cancel authentication
done by Apache (I need a logout button, and generally the ability
to cancel auth via some function).
 I suspect all that I need to do is erase the 'Name' or 'Password'
entries from the server variables or something similar;
the problem is that ASP gives only read-only access to server variables.
OTOH nobody stops me from using Apache:: modules and accessing Apache that
way.
 Hmm, there is an example in the distribution that, if I understand correctly,
cancels auth by changing the domain to Domain.$random; it should work, but is
there some more direct way of doing this?

reg. yck.


---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org


Re: Typo on WWW.

Posted by Joshua Chamas <jo...@chamas.com>.
Dariusz Pietrzak wrote:
> 
>  $data = $Session->{complex}{data};     # Read ok.
>   $Session->{complex}{data} = $data;     # Write NOT ok.
>   $Session->{complex} = {data => $data}; # Write ok, all at once.
> 
> Please see MLDBM for more information on this topic. $Session can also be
> used for the following methods and properties:
> 
> Hmm, I think that equivalent to $Session->{complex} = {data => $data }
> would be $Session->{complex}->{data} = $data
> not $Session->{complex}{data} = $data.
> 

$Session->{complex}->{data} = $data
$Session->{complex}{data} = $data

These two should be the same, the arrow being an alias.  
Note in the above, I am not trying to say to do either of these
 $Session->{complex}{data} = $data;     # Write NOT ok.

NOT ok because the data won't get stored.  A complex data 
structure can only be stored to a tied data structure
if its top level value is modified:

  $Session->{complex} = {data => $data}; 

This is just to trigger the correct STORE() response from 
perl's tied interface on that hash ref.

--Josh

_________________________________________________________________
Joshua Chamas                           Chamas Enterprises Inc.
NodeWorks Founder                       Huntington Beach, CA  USA 
http://www.nodeworks.com                1-714-625-4051
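
Added example, not part of the original post or of Apache::ASP: a small tied hash, the hypothetical SerializingHash, stands in for the MLDBM-backed $Session and shows why a nested write is lost while a top-level assignment triggers STORE. The class name, keys and values are assumptions made for illustration.

```perl
use strict;
use warnings;
use Storable ();

# Hypothetical stand-in for an MLDBM-style tied hash: values are serialized
# on STORE and every FETCH hands back a fresh deserialized copy.
package SerializingHash;
sub TIEHASH { my ($class) = @_; return bless { disk => {}, stores => 0 }, $class }
sub STORE   { my ($s, $k, $v) = @_; $s->{stores}++; $s->{disk}{$k} = Storable::freeze(\$v); return }
sub FETCH   { my ($s, $k) = @_; my $f = $s->{disk}{$k}; return defined $f ? ${ Storable::thaw($f) } : undef }
sub EXISTS  { my ($s, $k) = @_; return exists $s->{disk}{$k} }
sub DELETE  { my ($s, $k) = @_; delete $s->{disk}{$k}; return }

package main;

my $tied = tie my %session, 'SerializingHash';

# Top-level assignment: STORE runs and the structure is serialized.
$session{complex} = { data => 'old' };

# Nested assignment, with or without the arrow: Perl FETCHes a copy of
# {complex}, changes the copy, and never calls STORE.
$session{complex}{data}   = 'new';
$session{complex}->{data} = 'new';
printf "after nested writes: data=%s, STORE calls=%d\n",
    $session{complex}{data}, $tied->{stores};

# Read, modify, write back at the top level: STORE runs again.
my $complex = $session{complex};
$complex->{data} = 'new';
$session{complex} = $complex;
printf "after top-level write: data=%s, STORE calls=%d\n",
    $session{complex}{data}, $tied->{stores};
```

For session state that gates access, such as an auth flag kept inside a nested structure, the silent loss of the nested write is the case to watch for.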



Typo on WWW.

Posted by Dariusz Pietrzak <da...@ajax.umcs.lublin.pl>.
 $data = $Session->{complex}{data};     # Read ok.
  $Session->{complex}{data} = $data;     # Write NOT ok.
  $Session->{complex} = {data => $data}; # Write ok, all at once.

Please see MLDBM for more information on this topic. $Session can also be
used for the following methods and properties:


Hmm, I think that equivalent to $Session->{complex} = {data => $data }
would be $Session->{complex}->{data} = $data
not $Session->{complex}{data} = $data.

-- 
Dariusz Pietrzak
Excuse me, I'm cixelsyd today




IE 401 Basic Auth Cache Buster ...

Posted by Joshua Chamas <jo...@chamas.com>.
Philip Mak wrote:
> 
> How do you implement your own authentication in Apache::ASP, anyway? I
> can't seem to get it to work.
> 
> I did this:
> 
> $Response->{Status} = 401;
> $Response->AddHeader('WWW-Authenticate', 'basic realm="MyRealm"');
> 

I never personally used 401 auth because of IE's caching,
but I think I have some code to finally deal with this...
a new era begins :)  

This method (code below) entirely controls the basic auth process, 
& doesn't let Apache do any of it, including the 401 error message, 
so we can control the basic realm completely. It really works for IE!

The code is a very tweaked version of what was in 
dev/*.auth and dev/auth/global.asa in the ASP distribution.
I had to not use $Response->{Status} = 401, because my 
WinNT Apache would crash with this set without other 
Apache Auth directives configured.

--Josh

# .htaccess
<Files ~ (\.auth)>
	SetHandler perl-script
	PerlHandler Apache::ASP
	PerlSetVar Debug  2
	PerlSetVar Global auth
	# session restarts every 6 seconds for testing purposes
	PerlSetVar SessionTimeout .1
	PerlSetVar StateDir /tmp/asp_auth_test
</Files>

# auth/global.asa
use MIME::Base64;
use vars qw(%PASS);
%PASS = ('TEST' => 'TEST');

sub Session_OnStart {
    $Response->AppendToLog("starting session");
    $Session->{AuthID} = substr($Session->SessionID, 0, 8).rand();
}

sub Script_OnStart {
    my $auth = Apache->header_in('Authorization');
    my($user, $pass);
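    if ($auth && ($auth =~ /^Basic (.*)$/i)) {
	($user,$pass) = split(/:/, decode_base64($1), 2);
	# log the user name only; the password stays out of the debug log
	$Response->Debug("got user $user for basic auth"); 
    }

    # exists/defined checks: without them an unknown user with an empty
    # password matches, because undef eq '' is true
    if ($Session->{AuthInit} && $user && defined($pass)
	&& exists($PASS{$user}) && ($PASS{$user} eq $pass)) {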
	$ENV{REMOTE_USER} = $user;
	$Request->ServerVariables->{REMOTE_USER} = $user;    
    } else {
	$Session->{AuthInit} = 1;
	$Response->Debug("forcing authenticate");
	$Response->AddHeader('WWW-Authenticate', 'basic realm="MyRealm-'.$Session->{AuthID}.'"');
	Apache->cgi_header_out('Status', 401);
	$Response->Write("<h2>Failed 401 Authorization</h2>");
	$Response->End;
    }
}

# authen.auth ASP script
<html><body>
Congrats!, you got in!<p>
<% 
my $env = $Request->ServerVariables();
for(sort keys %$env) {
	print "<b>$_</b>: $env->{$_}<br>\n";
}
%>
</body></html>
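
Added example, not part of the original post or of the Apache::ASP distribution: the per-session realm idea from the message above as standalone Perl, with a logout that rotates the realm and a credential check that rejects unknown users and missing passwords. The function names, the %USERS table, the salt and the plain hashref standing in for $Session are assumptions.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);
use Digest::SHA qw(sha256_hex);

# Constructed account (user TEST, password TEST) kept as a salted digest;
# salted SHA-256 is a stand-in here for a real password-hashing function.
my %USERS = (TEST => { salt => 'c0ffee', digest => sha256_hex('c0ffee' . 'TEST') });

# Compare two digests without stopping at the first differing character.
sub same_digest {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Answer one request. $session is a plain hashref standing in for $Session.
sub check_basic_auth {
    my ($header, $session) = @_;
    # Per-session realm suffix; rand() is a placeholder for a CSPRNG.
    $session->{AuthID} //= sprintf('%08x', int(rand(2**32)));
    my ($user, $pass);
    if (defined $header && $header =~ /^Basic\s+(\S+)\s*$/i) {
        ($user, $pass) = split /:/, decode_base64($1), 2;
    }
    my $rec = defined $user ? $USERS{$user} : undef;
    # Unknown users and missing passwords fail here instead of comparing undef.
    if ($session->{AuthInit} && $rec && defined $pass
        && same_digest(sha256_hex($rec->{salt} . $pass), $rec->{digest})) {
        return { status => 200, user => $user };
    }
    $session->{AuthInit} = 1;    # this session has now been challenged
    my $realm = "MyRealm-$session->{AuthID}";
    return { status => 401, headers => { 'WWW-Authenticate' => qq{Basic realm="$realm"} } };
}

# Logout: drop the challenge flag and the realm suffix, so credentials the
# browser cached for the old realm no longer match the next challenge.
sub logout { my ($session) = @_; delete @{$session}{qw(AuthInit AuthID)}; return }

my $cached = 'Basic ' . encode_base64('TEST:TEST', '');
my %session;
print "new session, cached credentials: ", check_basic_auth($cached, \%session)->{status}, "\n";
print "same session, after challenge:   ", check_basic_auth($cached, \%session)->{status}, "\n";
logout(\%session);
print "after logout, cached credentials: ", check_basic_auth($cached, \%session)->{status}, "\n";
print "empty password, unknown user:     ", check_basic_auth('Basic ' . encode_base64('nobody:', ''), \%session)->{status}, "\n";
```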



Re: Auth

Posted by Philip Mak <pm...@aaanime.net>.
How do you implement your own authentication in Apache::ASP, anyway? I
can't seem to get it to work.

I did this:

$Response->{Status} = 401;
$Response->AddHeader('WWW-Authenticate', 'basic realm="MyRealm"');

But Apache mangles the WWW-Authenticate header:

HTTP/1.1 401 Authorization Required
Date: Tue, 26 Jun 2001 16:05:21 GMT
Server: Apache/1.3.19 (Unix) mod_gzip/1.3.19.1a mod_perl/1.25
WWW-Authenticate: Basic realm="

and my web browser complained that it didn't recognize the authentication
method.

-Philip Mak (pmak@aaanime.net)




Re: Auth

Posted by Joshua Chamas <jo...@chamas.com>.
Dariusz Pietrzak wrote:
> 
> > I'm not sure if it's actually possible to do this. When you use HTTP
> > Authentication, the user's web browser remembers the username and password
> > that they typed in, and automatically sends it with all subsequent
> > requests to the server. I'm not sure if there is a way for the server to
> > tell the web browser to stop sending the password.
> Hmm, that's a pity.
>  I adapted the solution from the examples: dev/auth/global.asa to my needs and it
> seems to solve the problem, I only hoped for a cleaner solution.
> At least it works for mozilla.
> 

I'm not sure I ever fully solved the auth problem in dev/auth/global.asa.
The problem I don't think I solved was something with IE saving the 
password & then when prompted for a login again, you hit cancel in
IE and it lets you in.

I think to fully bust IE's 401 cache, you need to fully control
the auth process and not rely on Apache for any bit of it, so 
that you can control the auth realm on each request.

--Josh

_________________________________________________________________
Joshua Chamas                           Chamas Enterprises Inc.
NodeWorks <- Web Link Checking          Huntington Beach, CA  USA 
http://www.nodeworks.com                1-714-625-4051



Re: Auth

Posted by Dariusz Pietrzak <da...@ajax.umcs.lublin.pl>.
> I'm not sure if it's actually possible to do this. When you use HTTP
> Authentication, the user's web browser remembers the username and password
> that they typed in, and automatically sends it with all subsequent
> requests to the server. I'm not sure if there is a way for the server to
> tell the web browser to stop sending the password.
Hmm, that's a pity.
 I adapted the solution from the examples: dev/auth/global.asa to my needs and it
seems to solve the problem, I only hoped for a cleaner solution.
At least it works for mozilla.

--
Dariusz Pietrzak
Certified Nobody




Re: New install on Solaris: global.asa not loaded

Posted by Joshua Chamas <jo...@chamas.com>.
Joshua Chamas wrote:
> 
> From your log:
>  > GlobalASA package Apache::ASP::Compiles::_tmp_global_asa
>  > global.asa was cached for _tmp_global_asa
> 
> There is some setting somewhere that has Global set to /tmp,
> this might be in your .htaccess file and is being used where
> .htaccess is not.
> 

Sorry, meant to say check your httpd.conf for that stray config.

--Josh

_________________________________________________________________
Joshua Chamas                           Chamas Enterprises Inc.
NodeWorks Founder                       Huntington Beach, CA  USA 
http://www.nodeworks.com                1-714-625-4051



Re: New install on Solaris: global.asa not loaded

Posted by Joshua Chamas <jo...@chamas.com>.
"John D. Leonard II" wrote:
> 
> All:
> 
> I've installed Apache::ASP on a Solaris 5.8 box (Apache 1.3.20, modperl
> 1.25, PHP, openssl, etc.)
> 
> I am having trouble running scripts in the global.asa file.  I must have
> some setting screwed up on the .htaccess  file or the httpd.conf file.  But
> what????
> 

Wherever PerlSetVar Global is pointed to, that is where your global.asa 
needs to be.

From your log:
 > GlobalASA package Apache::ASP::Compiles::_tmp_global_asa
 > global.asa was cached for _tmp_global_asa

There is some setting somewhere that has Global set to /tmp,
this might be in your .htaccess file and is being used where
.htaccess is not.

--Josh
_________________________________________________________________
Joshua Chamas                           Chamas Enterprises Inc.
NodeWorks Founder                       Huntington Beach, CA  USA 
http://www.nodeworks.com                1-714-625-4051



New install on Solaris: global.asa not loaded

Posted by "John D. Leonard II" <jo...@ce.gatech.edu>.
All:

I've installed Apache::ASP on a Solaris 5.8 box (Apache 1.3.20, modperl
1.25, PHP, openssl, etc.)

I am having trouble running scripts in the global.asa file.  I must have
some setting screwed up on the .htaccess  file or the httpd.conf file.  But
what????

The global.asa and the index.asp scripts are in the same directories.  In
the example below, I've created a "sub HelloWorld" in the global.asa, and am
trying to call it from my main script (with a simple &HelloWorld call.)


Here is the pertinent info:

Debug Output
------------
RUN ASP (v2.17) for /export/services/apache/sites/classes/index.asp
GlobalASA package Apache::ASP::Compiles::_tmp_global_asa
global.asa was cached for _tmp_global_asa
opening lock file /tmp/xxx/server/internal.lock
opening lock file /tmp/xxx/server/application.lock
session id from cookie: 1b4a8652fca3add40393a5f472b82ff5
refreshing 1b4a8652fca3add40393a5f472b82ff5 with timeout 996688378
opening lock file /tmp/xxx/1b/1b4a8652fca3add40393a5f472b82ff5.lock
session not expired - time: 996687478; timeout: 996688339;
tieing session 1b4a8652fca3add40393a5f472b82ff5
file index.asp
parsing index.asp
start parse of data - 308
active undefing sub
Apache::ASP::Compiles::_tmp_global_asa::__ASP__export_services_apache_sites_
classes_index_aspxINL code CODE(0x9e2498)
compiling into package Apache::ASP::Compiles::_tmp_global_asa subid
[Apache::ASP::Compiles::_tmp_global_asa::__ASP__export_services_apache_sites
_classes_index_aspxINL]
executing __ASP__export_services_apache_sites_classes_index_aspxINL
tieing response package for STDOUT
Undefined subroutine &Apache::ASP::Compiles::_tmp_global_asa::HelloWorld
called at index.asp line 33. ,
/usr/local/lib/perl5/site_perl/5.6.0/Apache/ASP.pm line 1545


Here is part of my .htaccess file:
----------------------------------
PerlSetVar Global  .
#PerlSetVar GlobalPackage Apache::ASP::Demo
PerlSetVar UniquePackages 0
PerlSetVar StateDir  /tmp/xxx
PerlSetVar StatINC 0
#PerlSetVar StatINCMatch 0
PerlSetVar Clean 0
PerlSetVar DynamicIncludes 0
PerlSetVar FileUploadMax 25000
PerlSetVar FileUploadTemp 1
PerlSetVar SessionQueryParse 0
PerlSetVar SessionQuery 1
PerlSetVar Debug -3
PerlSetVar StateCache 0
PerlSetVar SessionCount 1
PerlSetVar TimeHiRes 1
PerlSetVar CompressGzip 0
PerlSetVar StateGroupWrite 1

Suggestions?  I figure that it is something really simple.

Thanks!

JL




Re: Auth

Posted by "Philip <test>" <pm...@aaanime.net>.
On Mon, 25 Jun 2001, Dariusz Pietrzak wrote:

>  this may be a little bit offtopic for this list,
> but maybe someone knows how to cancel authentication
> done by apache ( I need logout button, and generally ability
> to cancel auth via some function ).

I'm not sure if it's actually possible to do this. When you use HTTP
Authentication, the user's web browser remembers the username and password
that they typed in, and automatically sends it with all subsequent
requests to the server. I'm not sure if there is a way for the server to
tell the web browser to stop sending the password.

-Philip Mak (pmak@aaanime.net)

